A 19-year-old UWO computer science student, Stephen Solis-Reyes, takes six hours to hack into the Canada Revenue Agency using the Heartbleed bug. The National Security Agency admits to using it for the past two years. Solis-Reyes admits he took no data and damaged nothing.
He was just curious, so one afternoon he accessed CRA confidential data. Simple. Why is he the only one identified as using this flaw? Is it politically incorrect to finger the NSA? Or does the CRA just need a quick, convenient, easy-to-arrest scapegoat to mask its embarrassment? The CRA should hire this fellow and pay him well to find more flaws before the crooks do, rather than persecute him for his curiosity. After all, he did not create either the software flaw or the virus, he just tested them. He should not be prosecuted for his genius.